Wednesday, February 25, 2009

Cigital’s Principals podcast

21st episode of The Silver Bullet Security Podcast.
Interview with Cigital’s Principals

John Steve: helping companies build their own software security capability.
Pravir Chandra: training & helping our customers do strategy all the way down to security assessments.
Sammy Migues: service line management at Cigital and do a lot of monetizing of
intellectual property.

best way for a big company to get started with security: focus on what their strength & what they can do well - giving smart ppl little more security knowledge, playing to their curiosity.

CLASP, M$'s SDL, Cigital's Touchpoints

we need someone to be a practitioner and not just an enabler of bad events

sw security training - tell them how to implement things, give the skill not only make them aware.

the instructor has to have experience & a practitioner

in the past programming language like C, we have to do everything, nowadays building app on the like a J2EE platform, there are so many aspect of the arch that are enforced upon you by the platform itself - it makes a hell of a lot easier to put together a doc of what ur arch does because u r just following the patterns that have been laid out before u.

lenght: 23:35m

Labels: ,


Post a Comment

Subscribe to Post Comments [Atom]

<< Home